diff --git a/core/class/template.class.php b/core/class/template.class.php index 3420371..4f06acd 100644 --- a/core/class/template.class.php +++ b/core/class/template.class.php @@ -269,11 +269,16 @@ class template { /** * Ouvre un formulaire protégé par CSRF * @param string $id Id du formulaire + * @param string $action action du formulaire * @return string */ - public static function formOpen($id) { + public static function formOpen($id, $action = '') { // Ouverture formulaire - $html = '
'; + if($action === ''){ + $html = ''; + } else { + $html = ''; + } // Stock le token CSRF $html .= self::hidden('csrf', [ 'value' => $_SESSION['csrf'] @@ -285,11 +290,16 @@ class template { /** * Ouvre un formulaire avec pièce jointe protégé par CSRF * @param string $id Id du formulaire + * @param string $action action du formulaire * @return string */ - public static function formOpenFile($id) { - // Ouverture formulaire - $html = ''; + public static function formOpenFile($id, $action = '') { + // Ouverture formulaire + if($action === ''){ + $html = ''; + } else { + $html = ''; + } // Stock le token CSRF $html .= self::hidden('csrf', [ 'value' => $_SESSION['csrf'] diff --git a/core/core.php b/core/core.php index 724bd7e..a3b8ba4 100644 --- a/core/core.php +++ b/core/core.php @@ -1299,7 +1299,7 @@ class common { */ echo '
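Review bot: The new `$action` parameter of `formOpen` is concatenated into the opening form tag without any escaping visible in the hunk, and the same branch is repeated in `formOpenFile` (second hunk of this file); since both are public static helpers, any caller-supplied string ends up in an HTML attribute, so it should be escaped once, e.g. `$actionAttr = htmlspecialchars($action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` before building `$html`. The form markup itself is not rendered on this page, so the exact concatenation is inferred from the `$action === ''` branch. The docblock line `@param string $action action du formulaire` does not say what the empty default means; I would write `@param string $action Form action URL; '' emits the tag without an explicit action (assumed from the branch)`. A single private builder shared by both methods would remove the duplicated if/else.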
'; $this->showContent(); - if( $this->getData(['page', $this->getUrl(0), 'commentEnable']) === true ) $this->showComment(); + if( $this->getData(['page', $this->getUrl(0), 'commentEnable']) === true && strlen($this->getUrl(1)) < 3 ) $this->showComment(); if (file_exists(self::DATA_DIR . 'body.inc.php')) { include(self::DATA_DIR . 'body.inc.php'); } @@ -1358,7 +1358,15 @@ class common { * */ public function showComment() { - include('./core/include/comment.inc.php'); + // Si la page est accessible + if( $this->getData(['page', $this->getUrl(0), 'group']) === self::GROUP_VISITOR + OR ( + $this->getUser('password') === $this->getInput('DELTA_USER_PASSWORD') + AND $this->getUser('group') >= $this->getData(['page', $this->getUrl(0), 'group']) + ) + ) { + include('./core/include/comment.inc.php'); + } } /** diff --git a/core/include/comment.inc.php b/core/include/comment.inc.php index aac0b30..71506ad 100644 --- a/core/include/comment.inc.php +++ b/core/include/comment.inc.php @@ -24,7 +24,7 @@ if($this->isPost() && isset($_POST['commentPageFormPrev' ])){ } // Traitement de l'envoi du formualire -if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { +if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { // $notice concerne la détection d'erreurs 
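Review bot: The added `strlen($this->getUrl(1)) < 3` guard carries an unexplained magic number, and if `getUrl(1)` can return `null` the call is deprecated on PHP 8.1+; I would write `&& strlen((string) $this->getUrl(1)) < 3` and add above it `// comments only when the second URL segment is the (short) comment page number, not a sub-page — TODO confirm intent`. Naming the bound as a class constant would make the rule visible to whoever touches the comment pagination in comment.inc.php. The enclosing method begins and ends outside the hunk.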
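Review bot: In `showComment` the stored password value is compared to the `DELTA_USER_PASSWORD` input with `===`, which is a byte-wise early-exit comparison; a credential compare belongs in `hash_equals`, and the new condition re-implements page access control inline with `OR`/`AND` keywords while the rest of the file uses `||`/`&&`. Both sides of the compare should also be guarded against an empty stored value, otherwise an absent credential compares equal to an absent input (whether `getUser('password')` can be empty here is inferred, not visible). The rewrite below keeps the same decision and the same include.
```php
public function showComment() {
    $pageGroup = $this->getData(['page', $this->getUrl(0), 'group']);
    $stored = (string) $this->getUser('password');
    // hash_equals: the compared value is a credential, so avoid a byte-wise early-exit compare
    $authenticated = $stored !== ''
        && hash_equals($stored, (string) $this->getInput('DELTA_USER_PASSWORD'));
    if ($pageGroup === self::GROUP_VISITOR
        || ($authenticated && $this->getUser('group') >= $pageGroup)
    ) {
        include('./core/include/comment.inc.php');
    }
}
```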
@@ -48,15 +48,15 @@ if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { if( $detectBot === 'bot') $_SESSION['humanBot']='bot'; } // $_SESSION['humanBot']==='bot' ou option 'Pas de Captcha pour un humain' non validée - elseif( md5($code) !== $_SESSION['captcha'] ) { + elseif( md5($code) !== $_SESSION['captcha'] ) { $notice = $text['core']['showComment'][1]; } - } - + } + // Lecture des inputs $valueText = $this->getInput('commentPageFormInput[0]', helper::FILTER_STRING_SHORT, true); $valueTextarea = $this->getInput('commentPageFormInput[1]', helper::FILTER_STRING_LONG_NOSTRIP, true); - + // Mise à jour du brouillon $_SESSION['draftPage']['text'] = $valueText; $_SESSION['draftPage']['textarea'] = $valueTextarea; @@ -69,7 +69,7 @@ if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { if( $valueText !== '') $content .= '' . $text['core']['showComment'][9] . ' : ' . $valueText . '
'; if( $valueTextarea !== '') $content .= '' . $text['core']['showComment'][10] . ' : ' . $valueTextarea . '
'; // Données - $data[$text['core']['showComment'][9]] = $valueText; + $data[$text['core']['showComment'][9]] = $valueText; $data[$text['core']['showComment'][10]] = $valueTextarea; // Bot présumé, la page sera actualisée avec l'affichage du captcha complet @@ -106,7 +106,7 @@ if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { $group > 0 || $singleuser !== '' || $singlemail !== '' ) - ) { + ) { // Utilisateurs dans le groupe $to = []; if ($group > 0){ @@ -152,25 +152,25 @@ if($this->isPost() && isset($_POST['commentPageFormSubmit']) ) { } } else { $sent = false; - } - + } + // Notifications if( $sent === true) { $_SESSION['DELTA_NOTIFICATION_SUCCESS']= $text['core']['showComment'][4]; $_SESSION['DELTA_NOTIFICATION_ERROR'] = ''; } else { $_SESSION['DELTA_NOTIFICATION_SUCCESS']= ''; - $_SESSION['DELTA_NOTIFICATION_ERROR'] = $text['core']['showComment'][5]; + $_SESSION['DELTA_NOTIFICATION_ERROR'] = $text['core']['showComment'][5]; } - $this->showNotification(); + $this->showNotification(); } // Préparation de la liste paginée des commentaires // Initialisation de la pagination -$nbPage =0; +$nbPage =0; if ( !isset($_SESSION[$commentNumPage] )) $_SESSION[$commentNumPage] = 1; $dataPage = $this->getData(['comment', $this->getUrl(0), 'data']); if ( NULL !== $dataPage && is_array($dataPage) && $dataPage !== [] ) { - $nbPage = round(count( $dataPage) / self::ITEMSPAGE, 0, PHP_ROUND_HALF_UP); + $nbPage = ceil(count( $dataPage) / self::ITEMSPAGE); if( $_SESSION[$commentNumPage] > $nbPage ) $_SESSION[$commentNumPage] = $nbPage; if( $_SESSION[$commentNumPage] <= 0 ) $_SESSION[$commentNumPage] = 1; $paramPage = $this->getUrl() .'/'. $_SESSION[$commentNumPage]; @@ -237,7 +237,9 @@ echo '';
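Review bot: `ceil()` returns a float, so after the change `$nbPage` and, through the clamp on the next line, `$_SESSION[$commentNumPage]` hold a float that is later concatenated into `$paramPage`; cast it at the source with `$nbPage = (int) ceil(count($dataPage) / self::ITEMSPAGE);` so the session value stays an integer like the `1` it is initialised to. The replacement of `round(..., PHP_ROUND_HALF_UP)` by `ceil` is the right fix for the page count; the remaining lines of this hunk are whitespace only.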